June 17, 2018

IntroductionThe following article cover a few common SSL/TLS decryption techniques. Please note that the article assumes that the attacker doesn’t have a pre-access to the digital certificate private key or the encryption keys.Attack Vectors1. Stealing the digital certificate private key and/or the SSL/TLS session key. A physical access, trojan horse or other client-side attack techniques can be used to accomplish this task. After it, the attacker can use sniffer or another tool, to copy the network traffic to a local or remote store, and then decrypt it. Please note the limitations of this technique while the SSL/TLS is based...